What is the CVSS score of EUVD-2026-27337?

EUVD-2026-27337 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of GR140DG/GR140IG are affected by EUVD-2026-27337?

ALTICE LABS GR140DG/GR140IG fiber gateway devices contain an authenticated command injection vulnerability that allows credential-holding attackers to execute arbitrary root commands via the…

GR140DG/GR140IG EUVD-2026-27337

| CVE-2026-31196 HIGH

OS Command Injection (CWE-78)

2026-05-05 mitre

GHSA-489r-v3h6-c72q

Command Injection

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 06, 2026 - 21:30 vuln.today

CVSS changed

May 06, 2026 - 19:22 NVD

8.8 (HIGH)

CVE Published

May 05, 2026 - 00:00 nvd

HIGH 8.8

DescriptionNVD

The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.

AnalysisAI

Authenticated command injection in ALTICE LABS GR140DG and GR140IG fiber gateways allows remote attackers with valid credentials to execute arbitrary commands as root through the traceroute diagnostic handler. The vulnerability exists in the /bin/httpd_clientside component where unsanitized destAddr parameters are passed directly to system() calls, enabling shell command substitution attacks. …

RemediationAI

Within 24 hours: Inventory all ALTICE LABS GR140DG and GR140IG devices in production and identify which are accessible to untrusted networks. Within 7 days: Implement access controls restricting administrative credentials to ISP-authorized personnel only and disable remote diagnostic features if operationally feasible; escalate to ALTICE LABS for patch timeline and interim guidance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-27337 vulnerability details – vuln.today

Back

GR140DG/GR140IG EUVD-2026-27337

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code